
Wednesday, May 8, 2013

While using Kautilya in penetration tests, one shortcoming always bugged me: data exfiltration was possible only via pastebin. Especially with the Keylogger module, supporting only pastebin reduced it to a proof-of-concept. Not anymore: I give you Kautilya 0.4.3!

From this version onwards, Kautilya supports pastebin, Gmail and tinypaste across all payloads which need to communicate with the internet. No more 10-post limit which pastebin enforces. Gmail is the recommended choice for the keylogger payload because of the number of pastes or posts it makes. If you have enabled two-factor authentication for a Gmail account, just generate an application-specific password and use it with the payload; it works fine.

Tinypaste is also a good option as there are no limits on pasting.

Also, I have (finally) trimmed the variable names in the PowerShell scripts generated by Kautilya. This means faster "typing" of payloads on a target. Enjoy!

If you want to contribute to Kautilya, contact me! You will be credited and there is guaranteed fun.

Here is the CHANGELOG for Kautilya 0.4.3:

- Names of various payloads have been changed, mostly to remove pastebin from the name.
- Shortened variable names and PowerShell cmdlet names in many payloads. Payloads are "typed" much faster by HID now.
- Fixed a bug on Get Target Credentials payload.
- Fixed a bug in DNS TXT Backdoor.
- Hashdump payload now uses TokenDuplication and does not schedule a task on the target; this means the payload is faster now.
- New communication options added to various payloads which export data to pastebin/gmail/tinypaste.
- Posts to pastebin now use HTTPS.
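From the defender's side, the three channels named above (pastebin, Gmail and tinypaste) are the thing to watch for, and because pastebin posts now go over HTTPS a proxy only sees the CONNECT to the host, not the paste itself. The following is an added example, not code from Kautilya or from this post: a small Python triage script over constructed proxy log lines that flags scripting hosts (powershell.exe, wscript.exe, cscript.exe) talking to those services. The log format, the process watchlist and the loose "tinypaste" substring match are assumptions (the post names no tinypaste domain); pastebin.com and smtp.gmail.com are real hosts.

```python
"""Triage proxy log lines for scripting hosts reaching paste/mail services.

Constructed example, not part of Kautilya. The log format is an assumed,
simplified proxy log with whitespace-separated fields:
    timestamp  client_ip  process  method  dest_host:port
"""
from dataclasses import dataclass
import re

# Exfil services named in the release post. pastebin.com and smtp.gmail.com
# are real hosts; tinypaste is matched as a loose substring because the post
# gives no domain for it (assumption).
WATCHLIST = {
    "pastebin.com": "pastebin",
    "smtp.gmail.com": "gmail-smtp",
}
LOOSE_WATCHLIST = {"tinypaste": "tinypaste"}

# Processes that normally have no business posting to paste sites (assumed list).
SUSPECT_PROCESSES = {"powershell.exe", "wscript.exe", "cscript.exe"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<proc>\S+)\s+(?P<method>\S+)\s+"
    r"(?P<dest>[^:\s]+):(?P<port>\d+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    client: str
    process: str
    service: str
    dest: str
    port: int


def classify_host(host: str):
    """Return the watchlist label for a destination host, or None."""
    host = host.lower().rstrip(".")
    for suffix, label in WATCHLIST.items():
        # exact host or any subdomain of it; "notpastebin.com" must not match
        if host == suffix or host.endswith("." + suffix):
            return label
    for needle, label in LOOSE_WATCHLIST.items():
        if needle in host:
            return label
    return None


def triage(lines):
    """Return Findings for watchlisted destinations reached by suspect processes."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the whole run
        service = classify_host(m["dest"])
        if service is None or m["proc"].lower() not in SUSPECT_PROCESSES:
            continue
        findings.append(
            Finding(m["ts"], m["client"], m["proc"], service, m["dest"], int(m["port"]))
        )
    return findings


# Constructed sample log: one benign browser hit on pastebin, one PowerShell
# hit on an unrelated host, three suspicious lines, and one malformed line.
SAMPLE_LOG = [
    "2013-05-08T10:00:01 10.0.0.5 chrome.exe CONNECT pastebin.com:443",
    "2013-05-08T10:00:02 10.0.0.5 powershell.exe GET www.microsoft.com:80",
    "2013-05-08T10:00:03 10.0.0.5 powershell.exe CONNECT pastebin.com:443",
    "2013-05-08T10:00:04 10.0.0.5 powershell.exe CONNECT smtp.gmail.com:587",
    "2013-05-08T10:00:05 10.0.0.7 wscript.exe POST tinypaste.example:80",
    "this line is garbage and has no port",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.ts} {f.client} {f.process} -> {f.service} ({f.dest}:{f.port})")
```

The script keys on destination host plus originating process rather than on URL paths, precisely because the HTTPS change in this release hides the paste endpoint from an intercepting proxy; a browser reaching pastebin is left alone, a scripting host reaching it is not.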

I just checked out the latest version of Kautilya and gave it a try. So I simply created my environment on Kali Linux, which works fine.

I tested your work with the payload hashdump_powershelldown on a Windows 7 x64 machine and a Teensy 2.0++ device.

OK, what happened: after putting the script onto the Teensy device I just ran it against a target (plugging the Teensy device in, in fact) and the script starts. But I always received the error message "temp#capslog.vbs not found".

Any ideas on this?

Another question: I came across your project because I am seeking an "ultimate" penstick. The basic version should be based on Teensy hardware 2.0++ or 3.0 and should offer the following things:
- should work completely offline
- when plugged into a Windows box, collect all information like: computer name, IP address, subnet mask, gateway and so on
- dump all passes (hashes) like pwdump and store them in a folder named in the format hostname_date_time
- dump all WLAN passwords
- dump all browser passwords
... completely hidden.

Looks like you are using a non-English keyboard on the target. Unfortunately, Kautilya is tested only on an English (US) keyboard. I plan to work on supporting other keyboards by using ASCII in future. If you have some suggestions, please put them forward.

Regarding the other question:

There is a reason why payloads in Kautilya are of singular functionality, or why it lacks support for multiple payloads. Increased functionality in a single payload = more time required by the HID to "type" on the victim. The same goes for payloads which download scripts (like hashdump_powershelldown): if you make the device "type" this script on the victim it will take really long and thus increase the chances of being interrupted etc. It is more difficult on Linux (at least Ubuntu, on which I tested), as the keyboard buffer seems to be very small and you must make the device take frequent pauses while it "types".

So, I am not thinking of anything along those lines, but I would be more than happy to help you (in any possible way) and welcome you if you would like to create something like that and contribute it to Kautilya.